archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Split a shell snippet in 2 to avoid using use_unsafe_shell=True

Browse Source 
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to toroughly inspect for a security audit.

In this case, the '&&' can be replaced by doing 2 calls to run_command.
reviewable/pr18780/r1
Michael Scherer 9 years ago
parent 0b5555b62c
commit 8c5e8f0425
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
packaging/os/apt_repository.py
Unescape Escape View File

@ -106,7 +106,10 @@ def install_python_apt(module):
if not module.check_mode: if not module.check_mode:
apt_get_path = module.get_bin_path('apt-get') apt_get_path = module.get_bin_path('apt-get')
if apt_get_path: if apt_get_path:
rc, so, se = module.run_command('%s update && %s install python-apt -y -q' % (apt_get_path, apt_get_path), use_unsafe_shell=True) rc, so, se = module.run_command([apt_get_path, 'update'])
if rc != 0:
module.fail_json(msg="Failed to auto-install python-apt. Error was: '%s'" % se.strip())
rc, so, se = module.run_command([apt_get_path, 'install', 'python-apt', '-y', '-q'])
if rc == 0: if rc == 0:
global apt, apt_pkg, aptsources_distro, distro, HAVE_PYTHON_APT global apt, apt_pkg, aptsources_distro, distro, HAVE_PYTHON_APT
import apt import apt

Write Preview
Loading…
Cancel
Save